`
`Early Warning Services 1005
`IPR of U.S. Pat. No. 8,887,308
`
`
`
`}S4I4
`
`UOI]QBUUOD
`
`ginpow
`
`uoneonuayyny
`
`ainpoyy|
`
`101999)
`
`9jnpow
`
`Patent Application Publication
`
`Jul. 22,2010 Sheet 1 of 7
`
`US 2010/0185868 A1
`
`
`
`ajnpow1senbey
`
`
`
`}d19981PUdDaS
`
`e]Npow
`
`
`
`g|npoywBulpuesg
`
`Old
`
`EWS-001549
`
`EWS-001549
`
`
`
`US 2010/0185868 Al
`
`FIG.2
`
`EWS-001550
`
`Selection
`
`oDa
`
`O saoo
`
`O
`oO
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 2 of 7
`
`Encryption
`
`Database
`
`EWS-001550
`
`
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 3 of 7
`
`US 2010/0185868 Al
`
`|
`|
`KODEKEYGUI
`|
`|
`|
`|
`| PLEASE ENTER YOUR CODE|
`!
`AND PRESS THE REDEEM |
`BUTTON
`PWERJ23RJTK23—_
`
`|
`|
`|
`|
`|
`Lo-__ 4
`
`|
`!
`
`|
`
`APLWEBSITE .COM GUI
`LOG IN TO CONTINUE.
`
`306
`
`r
`|
`|
`|
`|
`| LOGIN ID:
`|
`[USEREMAIL@MEMBER.COM]
`|
`PASSWORD:
`Xy7087654371
`|
`|
`|
`|
`
`SIGNIN
`
`7
`|
`|
`|
`|
`,
`|
`|
`|
`|
`|
`
`Lo_ 4
`
`
`
`DATABASE
`
`
`
`DATABASE PRODUCT METADATA|-302305
`
`
`
`
`
`
`
`FIG. 3
`
`EWS-001551
`
`EWS-001551
`
`
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 4 of 7
`
`US 2010/0185868 Al
`
`ACTION :
`ENABLER ACCESS REQUEST.
`
`|
`! LOGINID:
`| LUSEREMAIL@MEMBER.COM}
`| PASSWORD:
`|
`[X¥Z987654321
`|
`|
`
`| SIGNIN )|
`LoL J
`
`|
`|
`
`|
`|
`|
`!
`
`401
`
`|
`|
`
`APLWEBSITE .COM GUI
`LOG IN TO CONTINUE.
`
`407ooCer
`
`
`DATABASE
`
`
`
`DATABASE
`
`
`
`FIG. 4
`
`EWS-001552
`
`EWS-001552
`
`
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 5 of 7
`
`US 2010/0185868 Al
`
`STR3EM MACHINE
`GUI
`
`APLWEBSITE .COM GUI
`LOG IN TO CONTINUE.
`
`n>
`
`7
`r
`7
`r
`|
`|
`|
`|
`|
`|
`|
`|
`|
`|
`508
`|
`|
`
`|PLEASE CONNECT OR LOADA| | |
`
`| KEY FILE TO AUTHORIZETHIS
`|
`| LOGINID:
`|
`DEVICE.
`i
`|
`[USEREMAIL@MEMBER.COM]
`|
`|
`|
`|
`PASSWORD:
`CONNECT
`_J1~802
`XYZ987654321
`|
`|
`|
`|
`|
`|
`LOAD KEYFILE}|~503
`|
`|
`
`|
`|
`|
`|
`|
`
`AUTHORIZE
`
`J
` DATABASE
`
`DATABASE
`
`507
`
`FIG. 5
`
`EWS-001553
`
`EWS-001553
`
`
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 6 of 7
`
`US 2010/0185868 A1
`
`Receive a branding request from at least
`one communications console of the
`
`plurality of data processing devices
`
`Authenticate the membership verification
`token
`
`Establish connection with the at least
`one communications console
`
`
`
`Request at least one electronic
`identification reference from the at least
`one communications console
`
`Receive the at least one electronic
`identification reference from the at least
`one communications console
`
`Brand metadata of the encrypted digital
`
`media
`
`End
`
`FIG.6
`
`602
`
`604
`
`606
`
`608
`
`610
`
`612
`
`EWS-001554
`
`EWS-001554
`
`
`
`Patent Application Publication
`
`Jul. 22, 2010 Sheet 7 of 7
`
`US 2010/0185868 Al
`
` 702
`
`Select one or media items to form the
`encrypted digital media
`
`create the encrypted digital media
`
`Enter a master password which provides
`accessto the encrypted digital media for
`editing
`
`Customize user access panelof the
`encrypted digital media
`
`—
`Connect the encrypted digital media to a
`database of membership verification
`tokens
`
`704
`
`706
`
`708
`
`710
`
`Encrypt the one or more media items to
`
`End
`
`FIG.7
`
`EWS-001555
`
`EWS-001555
`
`
`
`US 2010/0185868 Al
`
`Jul. 22, 2010
`
`PERSONILIZED DIGITAL MEDIA ACCESS
`SYSTEM
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`[0001]
`[0002] The present invention relates to the field of digital
`rights management schemes used by creators of electronic
`products to protect commercial intellectual property copy-
`rights privy to illegal copying using computerized devices.
`Morespecifically, the present invention teaches a more per-
`sonal system of digital rights management which employs
`electronic ID,as part ofa web service membership, to manage
`accessrights across a plurality of devices.
`[0003]
`2. Description of the Prior Art
`[0004] Digital rights management (DRM)is a generic term
`for access control technologies used by hardware manufac-
`turers, publishers, copyright holders and individuals to
`impose limitations on the usage of digital content across
`devices. DRMrefers to any technologythat inhibits undesir-
`able orillegal uses of the digital content. The term generally
`doesn’t refer to forms of copy protection that can be circum-
`vented without modifying the file or device, such asserial
`numbersorkeyfiles. It can alsoreferto restrictions associated
`with specific instances of digital works or devices.
`[0005] Traditional DRM schemesare defined as authenti-
`cation components added to digital files that have been
`encrypted from public access. Encryption schemes are not
`DRM methods but DRM systemsare implementedto use an
`additional layer of authentication in which permission is
`granted for access to the cipher key required to decryptfiles
`for access. A computer server is established to host decryp-
`tion keys and to accept authentication keys from Internet
`connected client computers running client software in which
`handles the encryptedfiles. The server can administer differ-
`ent authorization keys back to the client computer that can
`grant different sets of rules and a time frame granted before
`the client is required to connect with the server to reauthorize
`access permissions. In some cases content can terminate
`access after a set amountoftime, or the process can break if
`the provider of the DRM serverever ceasesto offer services.
`[0006]
`In the present scenario, consumer entertainment
`industries are in the transition of delivering products on
`physical media such as CD and DVDto Internet delivered
`systems. The CompactDisc, introduced to the public in 1982,
`was initially designed as a proprietary system offering strict
`media to player compatibility. As the popularity of home
`computers and CD-ROMdrivesrose, so did the availability of
`CD ripping applications to make local copies of music to be
`enjoyed withoutthe useofthe disc. After a while, users found
`ways to share digital versions of music in the form of MP3
`files that could be easily shared with family and friends over
`the Internet. The DVD formatintroduced in 1997 included a
`new apparatus for optical discs technology with embedded
`copy protection schemesalso recognized as an early form of
`DRM.With internet delivered music and video files, DRM
`schemes has been developed to lock acquired media to spe-
`cific machines and most times limiting playback rights to a
`single machine or among a limited number of multiple
`machines regardless of the model number. This was achieved
`by writing the machine device ID to the metadata ofthe media
`file,
`then cross referencing with a trusted clearinghouse
`according to pre-set rules. DRM systems employed by DVD
`and CD technologies consisted of scrambling (also known as
`encryption) disc sectors in a pattern to which hardware devel-
`oped to unscramble (also knownas decryption) the disc sec-
`tors are required for playback. DRM systemsbuilt into oper-
`ating systems such as Microsoft Windows Vista block
`
`viewing of media when an unsigned software application is
`running to prevent unauthorized copying of a media asset
`during playback. DRM used in computer games such as Secu-
`ROMandSteam are used to limit the amountof times a user
`can install a game on a machine. DRM schemesfor e-books
`include embedding credit card information and other per-
`sonal information inside the metadata area of a delivered file
`format andrestricting the compatibility of the file with a
`limited numberof reader devices and computer applications.
`[0007]
`In a typical DRM system, a product is encrypted
`using Symmetric block ciphers such as DES and AESto
`provide high levels of security. Ciphers known as asymmetric
`or public key/private key systems are used to manage access
`to encrypted products. In asymmetric systems the key used to
`encrypt a productis not the sameas that used to decryptit. If
`a producthas been encrypted using one key of a pair it cannot
`be decrypted even by someoneelse whohasthat key. Only the
`matching key of the pair can be used for decryption. After
`receiving an authorization token from a first-use action are
`usually triggers to decrypt block ciphers in most DRM sys-
`tems. Userrights andrestrictions are established during this
`first-use action with the corresponding hosting device of a
`DRMprotected product.
`[0008] Examples of such prior DRMart include Hurtado
`(U.S. Pat. No. 6,611,812) who described a digital rights man-
`agement system, where upon request to access digital con-
`tent, encryption and decryption keys are exchanged and man-
`aged via an authenticity clearing house. Other examples
`include Alve (U.S. Pat. No. 7,568,111) who teaches a DRM
`and Tuoriniemi (U.S. Pat. No. 20090164776) who described
`a management schemeto control accessto electronic content
`by recording use across a plurality oftrustworthy devices that
`has been granted permission to work within the scheme.
`[0009] Recently, DRM schemes have proven unpopular
`with consumers and rights organizations that oppose the com-
`plications with compatibility across machines manufactured
`by different companies. Reasons given to DRM opposition
`range from limited device playbackrestrictions to the loss of
`fair-use which defines the freedom to share media products
`will family members.
`[0010]
`Prior art DRM methodsrely on content providers to
`maintain computerservers to receive and send session autho-
`rization keysto client computers with an Internet connection.
`Usually rights are given from the server for an amountoftime
`or amountofaccess actions before a requirement to reconnect
`with the serveris required for reauthorization. At times, con-
`tent providers will discontinue servers or even go out of
`business someyears after DRM encrypted content was sold to
`consumers causing the ability to access files to terminate.
`[0011]
`In thelight of the foregoing discussion, the current
`states of DRM measures are not satisfactory because
`unavoidable issues can arise such as hardwarefailure or prop-
`erty theft that could lead to a paying customer loosing the
`right to recover purchased products. The current metadata
`writable DRM measuresdo not offer a way to provide unlim-
`ited interoperability between different machines. Therefore, a
`solution is needed to give consumers the unlimited interop-
`erability between devices and “fair use” sharing partners for
`an infinite time frame while protecting commercial digital
`media from unlicensed distribution to sustain long-term
`return of investments.
`
`SUMMARY OF THE INVENTION
`
`[0012] An object of the present invention is to provide
`unlimited interoperability of digital media between unlimited
`machines with managementof end-user access to the digital
`media.
`
`EWS-001556
`
`EWS-001556
`
`
`
`US 2010/0185868 Al
`
`Jul. 22, 2010
`
`In accordance with an embodimentofthe present
`[0013]
`invention, the invention is a process of an apparatus which in
`accordance with an embodiment, another apparatus, tangible
`computer medium,or associated methods (herein referred to
`as The App) is used to: handle at least one branding action
`which could include post read and write requests of at least
`one writable metadata as part of at least one digital media
`asset to identify and manage requests from at least one excel-
`sior enabler, and can further identify and manage requests
`from a plurality of connected second enablers; with at least
`one token andat least one electronic identification reference
`received from the at least one excelsior enabler utilizing at
`least one membership. Here, controlled by the at least one
`excelsior enabler, The App will proceedto receive the at least
`one tokento verify the authenticity ofthe branding action and
`further requests; then establish at least one connection with at
`least one programmable communications console of the at
`least one membership to request and receive the at least one
`electronic identification reference; and could request and
`receive other data information from the at least one member-
`ship. The method then involves sending and receiving vari-
`able data information from The Appto the at least one mem-
`bership to verify a preexisting the at least one branding action
`of the at least one writable metadata aspart of the at least one
`digital media asset; or to establish permission or denial to
`execute the at least one branding action or the post read and
`write requests ofthe at least one writable metadata. To dothis,
`controlled by the at least one excelsior enabler. The App may
`establish at least one connection, whichis usually through the
`Internet, with a programmable communications console,
`which is usually a combination of an API protocol and
`graphic user interface (GUI) as part of a web service. In
`addition, the at least one excelsior enabler provides reestab-
`lished credentials to the programmable communications con-
`sole as part of the at least one membership, in which The App
`is facilitating and monitoring, to authenticate the data com-
`munications session used to send and receive data requests
`between the at least one membership and The App.
`[0014]
`In accordance with another embodiment of the
`present invention, the present invention teaches a method for
`monitoring access to an encrypted digital media and facilitat-
`ing unlimited interoperability between a plurality of data
`processing devices. The method comprises receiving a brand-
`ing request from at least one communications console of the
`plurality of data processing devices, the branding request
`being a read and write request of metadata of the encrypted
`digital media, the request comprising a membership verifica-
`tion token corresponding to the encrypted digital media. Sub-
`sequently, the membership verification token is authenti-
`cated, the authentication being performed in connection with
`a token database. Thereafter, connection with the at least one
`communications console is established. Afterwards, at least
`oneelectronic identification reference is requested from the at
`least one communications console. Further, the at least one
`electronic identification reference is received from theatleast
`one communications console. Finally, branding metadata of
`the encrypted digital media is performed by writing the mem-
`bership verification token and the electronic identification
`reference into the metadata.
`
`[0015] The present inventionis particularly useful for giv-
`ing users the freedom to use products outside of the device in
`whichthe product was acquired and extend unlimitedinterop-
`erability with other compatible devices.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`For a more complete understanding of the present
`[0016]
`invention, the needs satisfied thereby, and the objects, fea-
`
`tures, and advantages thereof, reference now is made to the
`following description taken in connection with the accompa-
`nying drawings.
`[0017]
`FIG. 1 shows a system for monitoring access to an
`encrypted digital media according to an embodimentof the
`present invention.
`[0018]
`FIG. 2 shows a system for authoring an encrypted
`digital media according to an embodiment of the present
`invention.
`[0019]
`FIG. 3 showsa flow chart giving an overview ofthe
`process of digital media personalization according to an
`embodimentof the present invention.
`[0020]
`FIG. 4 showsa flow chart giving an overview ofthe
`process of an access request made by an enabler according to
`an embodimentof the present invention.
`[0021]
`FIG. 5 showspersonalized digital rights manage-
`ment componentas part of a compatible machine with writ-
`able static memory.
`[0022]
`FIG. 6 showsa flowchart for monitoring access to an
`encrypted digital media according to an embodimentof the
`present invention
`[0023]
`FIG. 7 shows a flowchart showing authoring an
`encrypted digital media according to an embodimentof the
`present invention.
`[0024]
`Skilled artisans will appreciate that elements in the
`figures are illustrated for simplicity and clarity and have not
`necessarily been drawnto scale. For example, the dimensions
`of some of the elements in the figures may be exaggerated
`relative to other elements to help to improve understanding of
`embodiments of the present invention
`
`DETAILED DESCRIPTION OF THE DRAWINGS
`
`[0025] Before describing in detail the particular system and
`methodfor personalised digital media access system in accor-
`dance with an embodiment ofthe present invention,it should
`be observed that the present invention resides primarily in
`combinations of system componentsrelated to the device of
`the present invention.
`[0026] Accordingly, the system components have beenrep-
`resented where appropriate by conventional symbols in the
`drawings, showing only those specific details that are perti-
`nent to understanding the present invention so as not to
`obscure the disclosure with details that will be readily appar-
`ent to those of ordinary skill in the art having the benefit ofthe
`description herein.
`[0027]
`Inthis document,relational terms suchas‘first’ and
`‘second’, and the like may be usedsolely to distinguish one
`entity or action from anotherentity or action without neces-
`sarily requiring or implying any actual such relationship or
`order between such entities or actions. The terms ‘com-
`prises’, ‘comprising’, or any other variation thereof, are
`intended to cover a non-exclusive inclusion, such that a pro-
`cess, method, article, or apparatus that comprises a list of
`elements does not include only those elements but may
`include other elements not expressly listed or inherent to such
`process, method,article, or apparatus. An element proceeded
`by ‘comprises .
`.
`. a’ does not, without more constraints,
`preclude the existence of additional identical elements in the
`process, method,article, or apparatus that comprises the ele-
`ment.
`
`The present invention is directed at providing infinite access
`rights of legally acquiredat least one encrypted digital media
`asset to the content acquirer, explainedin this documentas the
`excelsior enabler, and optionally to their recognized friends
`and family, explained in this documentas a plurality of sec-
`ondary enablers. To explain further, the excelsior enabler and
`secondary enablers defined comprises human beings or com-
`
`EWS-001557
`
`EWS-001557
`
`
`
`US 2010/0185868 Al
`
`Jul. 22, 2010
`
`puterized mechanisms programmed to process steps of the
`invention as would normally be done manually by a human
`being. Additionally, an apparatus used aloneor in accordance
`with an embodiment, another apparatus, tangible computer
`medium,or associated methods with a connection are needed
`(herein referred to as The App). To deliver the requirements of
`the invention, communicative and connected elements com-
`prise: verification, authentication, electronic ID metadata
`branding, additional technical branding, and cross-referenc-
`ing. The connection handling the communicative actions of
`the invention will usually be the Internet and can also be an
`internal apparatus cooperative. The App can further be
`defined as a Windows OS, Apple OS, Linux OS, and other
`operating systems hosting software running on a machine or
`device with a capable CPU, memory, and data storage. The
`App can be even further defined as a system on a chip (SOC),
`embeddedsilicon, flash memory, programmable circuits,
`cloud computing and runtimes, and other systems of auto-
`mated processes.
`[0028] The digital media assets used in this system are
`encrypted usually with anAES cipher and decryption keys are
`usually stored encoded, no encoded, encrypted, or no
`encrypted as part of the apparatus or as part of a connection
`usually an Internet server. As explainedearlier, the system we
`will discuss will work as a front-end to encryptedfiles as an
`authorization agent for decrypted access.
`[0029]
`FIG. 1 shows a system 100 for monitoring access to
`an encrypted digital media according to an embodimentofthe
`present invention. The system 100 includesa first recipient
`module 102, an authentication module 104, a connection
`module 106, a request module 108, a second receipt module
`110 and a branding module 112. Thefirst receipt module 102
`receives a branding request from at least one communications
`console ofthe plurality of data processing devices. The brand-
`ing request is a read and write request of metadata of the
`encrypted digital media and includes a membership verifica-
`tion token corresponding to the encrypted digital media.
`Examples ofthe encrypted digital media includes, and are not
`limited to, one or moreof a video file, audio file, container
`format, document, metadata as part of video game software
`and other computer based apparatus in which processed data
`is facilitated.
`
`the authentication module 104
`Subsequently,
`[0030]
`authenticates the membership verification token. The authen-
`tication is performed in connection with a token database.
`Further, the connection module 106 establishes communica-
`tion with the at least one communication console.
`
`[0031] According to an embodimentof the present inven-
`tion, the connection is established through one ofinternet,
`intranet, Bluetooth, VPN, Infrared and LAN.
`[0032] According to another embodiment of the present
`invention, the communication console is a combination of an
`Application Programmable interface (API) protocol and
`graphic userinterface (GUI)as a part ofweb service. The API
`is a set of routines, data structures, object classes, and/or
`protocols provided by libraries and/or operating system ser-
`vices. The API is either one of language dependent or lan-
`guage independent.
`[0033] The request module 108 requests at least one elec-
`tronic identification reference from the at least one commu-
`nication console. The second receipt module 110 receives the
`at least one electronic identification reference from the least
`one communication console. The branding module 112
`brands metadata ofthe encrypted digital media by writing the
`membership verification token and the electronic identifica-
`tion into the metadata.
`
`FIG. 2 shows a system 200 for authoring an
`[0034]
`encrypted digital media according to an embodimentof the
`present invention. The figure includes a selection module
`202, a password module 204, a customization module 206, a
`database module 208 and an encryption module 210. The
`selection module 202 facilitates selection of one or more
`media itemsto form the encrypted digital media. Examples of
`the one or media itemsinclude, andare not limited to, one or
`more of a video, an audio and a game.
`[0035] According to an embodimentof the present inven-
`tion, the one or more media items are one or more of remote
`URLlinks and local mediafiles.
`
`[0036] The password module 204 prompts the userto enter
`a master password which provides access to the encrypted
`digital media. Subsequently, the customization module 206
`allows the user to customize the user access panel of the
`encrypted digital media.
`[0037] According to an embodimentof the present inven-
`tion, the customization module 206 facilitates adding one or
`more of a banner, a logo, an image, an advertisement, a tag
`line, a header message and textual information to the user
`access panel of the encrypted digital media.
`[0038]
`Further,
`the database module 208 connects the
`encrypted digital media to a database of membership verifi-
`cation token required for decrypting the encrypted digital
`media.
`
`[0039] According to an embodimentof the present inven-
`tion, the membership verification token is a kodekey. The
`kodekeyis a unique serial numberassigned to the encrypted
`digital media.
`[0040] The encryption module 210 encrypts the one or
`more media itemsto create the encrypted digital media.
`[0041] According to an embodimentof the present inven-
`tion, the system 200 further includes a watermark module.
`The watermark module watermarks information on the
`encrypted digital media, wherein the watermark is displayed
`during playback of the encrypted digital media.
`[0042] According to another embodiment of the present
`invention, the system 200 further includes an access module.
`The access module allows the user to define access rights.
`Examplesof the access rights include, but are not limited to,
`purchasingrights, rental rights and membership accessrights.
`[0043] According to yet another embodimentofthe present
`invention, the system 200 further includes a name module.
`The name module allows the user to name the encrypted
`digital media.
`[0044]
`FIG. 3 showsa flow chart giving an overview ofthe
`process of digital media personalization according to an
`embodimentofthe present invention. The processis achieved
`by way of an enabler using an apparatus or otherwise known
`as an application in which facilitates digital media files. The
`apparatus interacts with all communicative parts required to
`fulfill the actions of the invention. The figure shows a Kode-
`key Graphical User Interface (GUI) 301, a product metadata
`302, a networking card 303, internet 304, 306 and 308, data-
`base 305 and 309 and an APIwebsite.com GUI 307. A user
`posts a branding request via the Kodekey GU]interface 301.
`The Kodekey GUIinterface 301 is the GUIfor entering token.
`The Kodekey GUIinterface 301 prompts the user to enter the
`token and press the redeem button present on the Kodekey
`GUlinterface 301. The product metadata 302 is read/writable
`metadata associated with the digital media to be acquired.
`The networking card 303 facilitates querying of optional
`metadata branding process and referenced. The Kodekey GUI
`interface is connectedto the database 305via the internet 304
`through the networking card 303. The database 305 is the
`database used to read/write and store the tokens, also referred
`
`EWS-001558
`
`EWS-001558
`
`
`
`US 2010/0185868 Al
`
`Jul. 22, 2010
`
`to as token database. Theuseris redirected to the APIwebsite.
`com GUI 307 through the internet 306. The APIwebsite.com
`is the GUIto the membership API in whichthe electronic ID
`is collected and sent back to the Kodekey GUIinterface 301.
`The APIwebsite.com GUI 307 prompts the user to enter a
`login id and a passwordto access the digital media whichis
`acquired from the database 309 throughthe internet 308. The
`database 309 is the database connected to the web service
`membership in which the user’s electronic ID is queried from.
`[0045] Examples of the encrypted digital files include, and
`are notlimited to, a video file, an audiofile, container formats,
`documents, metadata as part of video game software and
`other computer based apparatus in which processed data is
`facilitated.
`
`present invention. At step 602, a branding request is made by
`auser from at least at least one communications console ofthe
`plurality of data processing devices. The branding requestis
`a read and write request of metadata of the encrypted digital
`media.
`
`[0049] According to an embodimentof the present inven-
`tion, the request includes a membership verification token
`corresponding to the encrypted digital media.
`[0050]
`Subsequently, the membership verification token is
`authenticated at step 604. The authentication is performedin
`connection with a token database. Further, connection with
`the at least communication console is established at step 606.
`Afterwards, at least one electronic identification reference is
`requested from the at least one communications console at the
`step 608. At step 610, at least one electronic identification
`reference in received from the at least one communication
`console. Finally, metadata of the encrypted digital media is
`branded by writing the membership verification token and the
`electronic identification reference into the metadata at the
`step 612.
`FIG. 7 shows a flowchart showing authoring an
`[0051]
`encrypted digital media according to an embodimentof the
`present invention. At step 702, one or more media items are
`selected by the user to form the encrypted digital media.
`Subsequently, a master password is entered for providing
`access to the encrypted digital media for editing at step 704.
`Afterwards,
`the user customizes the user panel of the
`encrypted digital media at step 706. Further, the encrypted
`digital media is connected to a database of membership veri-
`fication tokens required for decrypting the encrypted digital
`mediaatthe step 708. Finally, the one or more media itemsare
`encrypted to create the encrypted digital media at the step
`710.
`
`FIG. 4 showsa flow chart giving an overview ofthe
`[0046]
`process of an access request made by an enabler according to
`an embodimentof the present invention. Subsequently, the
`communicative parts to cross-reference information stored in
`the metadata ofthe digital media asset are checked which has
`been previously handled by the process of FIG. 1. The figure
`showsan enabler access request 401, a product metadata 402,
`a networking card 403, an internet 404, 406 and 408, a data-
`base 405 and 409 and an APlwebsite.com GUI 407, The
`enabler access request 401 facilitates the user to make a
`request for the digital media. The product metadata 402 is
`read/writable metadata associated with the digital media to be
`acquired. The networking card 403 facilitates querying of
`optional metadata branding process and referenced. The data-
`base 405 is the database used to read/write and store the
`tokens. The APIwebsite.com GU]407 is the GU]in which the
`electronic ID is collected and sent back to the Kodekey GUI
`interface 301. The APIwebsite.com GUI 407 prompts the user
`to enter a login id and a passwordto access the digital media
`[0052] According to various embodiments of the present
`from the database 409 throughthe internet 408. The database
`invention, the verification is facilitated by at least one token
`409is the database connectedto the web service membership
`handled by at least one excelsior enabler. Examples of the
`in which the user’s electronic ID is queried from.
`token include, and are not limited to, a structured or random
`[0047]
`FIG. 5 shows personalized digital rights manage-
`password, e-mail address associated with an e-commerce
`ment componentas part of a compatible machine with writ-
`payment system used to make an authorization payment, or
`able static memory. The figure represents an authorization
`other redeemable instruments of trade for access rights of
`sequenceaction in which a machineis authorized to accept a
`digital media. Examples of e-commerice systems are PayPal,
`personalized digital mediafile. The figure includes STR3EM
`Amazon Payments, and other credit card services.
`Machine GUI 501 including the connect icon 502, a load key
`[0053] According to an embodimentof the present inven-
`file icon 503, a networking card 504, an internet 505, 508 and
`tion, an identifier for the digital media is stored in a database
`510, a database 506 and 511, a machine memory 507 and a
`with another database ofalist of associated tokensfor cross-
`APIwebsite.com GUI 509. The STR3EM Machine GUI 501
`reference identification for verification.
`prompts the user to connector load a keyfile to authorize the
`device through the connect icon 502 andthe load keyfile icon
`503. The STR3EM Machine GUI 501 is connected to the
`networking card 504. The networking card 504 facilitates
`querying of optional metadata branding process andrefer-
`enced. Further, the STR3EM machine GUI 501 is connected
`to the database 506 via the internet 505. The database 506 is
`the database used to read/write and store the tokens. More-
`over, STR3EM Machine GUI 501 is connected to the
`machine memory 507. The machine memory 507 represents
`the internal memory of the machine or device so authoriza-
`tions can be saved for access of the digital media. The API-
`website.com GU] 509 is connected to the STR3EM machine
`GUIthroughthe internet 508. Further, APIwebsite.com GUI
`509 is connected to the database 511 throughthe internet 510.
`The APIwebsite.com GUI 509 prompts the user to enter the
`login id and a password to authorize the access to digital
`media. The database 511 is the database connected to the web
`service membership in which the user’s electronic ID is que-
`ried from.
`
`[0054] According to an embodimentof the present inven-
`tion, the database of a list of associated tokens includes
`Instant Payment Notification (IPN) received from successful
`financial e-commercetransactions that includes the identifier
`for the digital media; import of CSV password lists, and
`manually created reference phrases.
`[0055]
`For this discussion, the structured or random pass-
`word example will be used as reference. The structured or
`random passwords can be devised in encoded schemesto flag
`the apparatus of permission type such as: 1) Purchases can
`start a password sequence with “P”following a random num-
`ber, so further example would be “PSJD42349MFJDF”. 2)
`Rentals can start or end a password sequence with “R”plus
`(+) the numberof daysa rental is allowed, for example “R7”
`included in “R7SJDHFG58473”flagging a seven day rental.
`3) Memberships can start or end a password sequence with
`“M” plus (+) optionally the length of months valid for
`example “M11DFJGH34KF” would flag an eleven-month
`membership period.
`[0056] According to an embodimentof the present inven-
`tion, the tokens are stored in a relational database such as
`
`EWS-001559
`
`FIG. 6 showsa flowchart for monitoring access to an
`[0048]
`encrypted digital media according to an em